Check If You Have DNSChanger Malware

An estimated 275,000 computers are infected by the DNSChanger malware. Users who have the five year old malware may lose their Internet connection on Monday, July 9. If access to the Internet is ok, the other scenario is, they could be redirected to another website.

So, how do you know if your computer is infected by the DNSChanger malware? There is an organization called DNS Changer Working Group (DCWG) which launched a new tool to check if your computer is infected or not.

Just go to http://www.dns-ok.us/ to check if your PC’s health.

If the box in the resulting website is green, your computer is ok. If the box is red, your computer is infected by DNSChanger. Now, it’s highly unlikely that my Ubuntu desktop contains the DNSChanger malware. Here’s the snapshot of my result.

If you have the malware, you can run any of these free tools to remove DNSChanger.

Bind: Resolve Hostnames Only

Four years ago, I wrote a tutorial on how to install DNS on your Ubuntu desktop. The tutorial still works and is valid to this day. I recently referred to that article when I installed DNS on a machine running on Ubuntu server. While going through the DNS configuration, I couln’t get the DNS to resolve to hostnames only. It’s working with a fully qualified domain name (FQDN), but not the hostname. So, here’s the simple fix to get the DNS to resolve to hostnames.

The Test

ping server  # pinging the hostname doesn't work
ping: unknown host server
 
ping server.example.com  # pinging the FQDN works
PING server.example.com (192.168.1.1) 56(84) bytes of data

The Fix

Edit /etc/resolve.conf and add this to the top of the file.

search example.com.

Restart Bind

sudo /etc/init.d/bind9 restart

Test

ping server  # now the hostname works

Google DNS Benchmarked

Last week, Google made a couple of public DNS servers available to the general public. The claim was Google’s DNS was much faster than any DNS servers available to date. Andrew Brampton ran a series of tests to determine if this claim was indeed true. He tested Google’s DNS against OpenDNS, Sky/Easynet and Plus.net domain name servers. His findings were indeed interesting.

He found that OpenDNS is still faster than Google’s DNS servers, but Google’s DNS is faster than Sky/Easynet and Plus.net. In the meantime, I’ve already set my DNS servers to Google’s. I will probable leave it there since we are only talking microseconds here. Like Andrew’s conclusions, I expect Google’s servers to be optimized and tuned in the near future. It will only get better.

Using Google Public DNS

Google just announced today a new public DNS aimed at making browsing even a faster experience. DNS or domain name servers are servers that translate domain names to IP addresses that computers can understand. Having a faster DNS can definitely make surfing the web a faster experience. In the past, I’ve used OpenDNS as an alternative to my ISP nameservers. Now Google has their own.

nameserver 8.8.8.8
nameserver 8.8.4.4

To use Google DNS.

In Windows, you can open up your network interface IP properties and enter the Google nameservers. In Linux, you can place the Google nameservers in resolv.conf. In your router, you can replace your ISP nameservers with Google’s nameservers. Complete instructions on how to use Google’s nameservers are available from Google’s website.

Google DNS was no surprise to me. It makes perfect sense. What’s next? Web hosting.

Using DIG

Dig is a powerful command line tool for querying IP addresses, DNS servers, mail exchangers, name servers or any related information. With a simple command such as dig www.domain.com from the command line, you can garner a lot of information about that domain. If you want a list mail servers, you can simply type dig www.domain.com mx. If you want a list of nameservers, you can type dig www.domain.com ns. You can do more complex searches using the dig command.